I have successfully configured OTRS so that our 3000+ customers can login via the customer portal using their Window accounts (two different AD LDAPs). They are all in the 'users' group and have access to the Raw queue. When they create a new ticket the Type and To (Queue) fields on the CustomerTicketMessage screen have been restricted by an ACL script so that they cannot pick other values.
We have configured the system so that all of the customers have the 178 services assigned against them, however we want to be able to apply a filter to reduce which ones they can pick via the customer portal as the list will be rather confusing to the end user.
Here is a screenshot of the ACL working correctly:
The issue I have found is that the customer will lose access to the ticket on the portal when the queue is changed to something other than Raw. I know that you can assign rights against a customer directly to other queues, however I cannot find a way to do this for all 3000+ customers as the tick boxes on the Customers<>Groups screen only apply to the customers on the screen at that point and will override any previous settings!
I have tried the Framework -> Frontend::Customer::CustomerGroupAlwaysGroups parameter and this did give the customers access to the tickets when assigned to other queues, however it has the following side effect on the CustomerTicketMessage screen where the customer can see blank lines in the Service drop down list and can still pick services that they should not have access to according to the ACL rules:
1. Has anyone seen this behaviour before and if so how do we get round it?
2. Is there any way to apply Group-to-Group relationships?
Thanks, Dan
Customer ACL Service Issue
Moderator: crythias
Customer ACL Service Issue
You do not have the required permissions to view the files attached to this post.
Last edited by otrsgsy on 01 May 2013, 15:30, edited 1 time in total.
OTRS 3.1.12
Ubuntu
MYSQL DB
Ubuntu
MYSQL DB
Re: Customer ACL Service Issue
Sorry here is the ACL:
Code: Select all
# ticket acl
$Self->{TicketAcl}->{'10-Customer Ticket Restrictions'} = {
# match properties
Properties => {
Frontend => {
Action => ['CustomerTicketMessage'],
},
},
# return possible options (white list)
Possible => {
# possible ticket options (white list)
Ticket => {
Type => ['Incident'],
Queue => ['Raw'],
Service => ['Clinical Systems', 'Clinical Systems::CRIS', 'Clinical Systems::TrakCare'],
},
},
};
OTRS 3.1.12
Ubuntu
MYSQL DB
Ubuntu
MYSQL DB
-
crythias
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Customer ACL Service Issue
Customer will have access to each queue that is a member of the group of which the Customer belongs. By default, this is "users" and all groups belonging to "CustomerGroupsAlwaysGroups".
I'd like to point out this: viewtopic.php?f=53&t=16064
and
viewtopic.php?f=60&t=16398
and
viewtopic.php?f=60&t=11235
I'd like to point out this: viewtopic.php?f=53&t=16064
and
viewtopic.php?f=60&t=16398
and
viewtopic.php?f=60&t=11235
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: Customer ACL Service Issue
I did think about using the companyID, however the two Active Directory systems have not been maintained fully and not every user has a department.
OTRS 3.1.12
Ubuntu
MYSQL DB
Ubuntu
MYSQL DB